From 0b63408260ad59fbfead05b94ada309d1f08e7a4 Mon Sep 17 00:00:00 2001 From: Daniel Thompson Date: Fri, 5 Dec 2014 08:48:59 +0000 Subject: [PATCH] usb: Prevent memcpy() being called with NULL arguments If there is no additional iface data then iface->extra is NULL and iface->extralen is zero. Passing NULL to memcpy is undefined behaviour even if the length of data to copy is zero. In other words a conforming (debug) memcpy implementation is permitted to assert(dst && src) without checking the value of n. Add an extra branch to avoid this. --- lib/usb/usb_standard.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/usb/usb_standard.c b/lib/usb/usb_standard.c index 3b0dac9a..42458722 100644 --- a/lib/usb/usb_standard.c +++ b/lib/usb/usb_standard.c @@ -93,12 +93,14 @@ static uint16_t build_config_descriptor(usbd_device *usbd_dev, total += count; totallen += iface->bLength; /* Copy extra bytes (function descriptors). */ - memcpy(buf, iface->extra, - count = MIN(len, iface->extralen)); - buf += count; - len -= count; - total += count; - totallen += iface->extralen; + if (iface->extra) { + memcpy(buf, iface->extra, + count = MIN(len, iface->extralen)); + buf += count; + len -= count; + total += count; + totallen += iface->extralen; + } /* For each endpoint... */ for (k = 0; k < iface->bNumEndpoints; k++) { const struct usb_endpoint_descriptor *ep =